ftshare-all-in-one
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill retrieves financial information from the specified vendor domains market.ft.tech and ftai.chat. These network operations are strictly limited to these domains via an allowlist implemented in the common request utility.
- [COMMAND_EXECUTION]: Local Python scripts are used to fetch and process data. The skill includes a dispatcher script that validates subcommands against a known list of internal scripts to prevent the execution of arbitrary local files.
- [PROMPT_INJECTION]: The skill processes data from external APIs which represents a surface for indirect prompt injection. 1. Ingestion points: External financial data retrieved by scripts in the scripts directory. 2. Boundary markers: No explicit boundary markers are added to the JSON data before it is presented to the agent. 3. Capability inventory: The skill is allowed to use bash and read tools. 4. Sanitization: API response data is output as JSON without additional sanitization of string content.
Audit Metadata